Security Expert Warned Solarwinds in 2019 That Anyone Could Access Their Server With Password ‘solarwinds123’
Russian hack confirmed!
A security researcher said he warned SolarWinds in 2019 that the IT company’s update server could be accessed by using the password “solarwinds123,” according to a Tuesday Reuters report.
The revelation comes days after a massive hack of the Austin-based SolarWinds was made public, an attack that has since been confirmed to have infiltrated US government agencies. According to Reuters, experts are now tracing their steps to identify any weak security points that hackers could have taken advantage of. Security expert Vinoth Kumar told Reuters that he warned the company last year about setting the password for a secure server as “solarwinds123.”
Kumar told the publication that “this could have been done by any attacker, easily.” SolarWinds did not immediately respond to Business Insider’s request for comment.
The attack specifically involved hackers plugging malware into the IT company’s Orion software, which was later distributed to about 18,000 clients.
It’s unclear which clients specifically were affected by the hack, but SolarWinds has more than 300,000 clients, many of which are Fortune 500 companies including Microsoft, AT&T, and McDonald’s, as well as government agencies.
The Trump administration acknowledged that the hackers had indeed gained access to official networks, including the US Treasury. The Department of Homeland Security and the State Department are also confirmed to have been hacked.
As Business Insider’s Aaron Holmes reported, the hackers were able to spy on the companies and federal agencies for months, free to peruse victims’ files and private communications sent by the top brass of the US government. They gained access in March, as the COVID-19 pandemic first began setting into the US, and were able to steal data undetected. The hack was just made public this week, and US authorities directed clients running the Orion software to disconnect from it.
Source: Business Insider